RIMS Risk Maturity Model FAQ

Page Content

Why is the RIMS Risk Maturity Model important for organizations?

The RIMS Risk Maturity Model is a valuable tool for your business planning and decision making by improving your organization's risk management competency. By creating a common risk management approach, your organization can uncover dependencies and break down silos. This leads to a more effective, integrated and informed risk management organizational capability for addressing uncertainty. Greater certainty leads to improved strategic planning and adaptability, we well as more smoothly run operations, where people can focus on proactive activities rather than reactive fixes. At the end of the day, this could result in a better bottom line, up to a 25% improved firm value according to researchers. The RIMS Risk Maturity Model provides standardized criteria by which organizations can benchmark risk management strategies in order to assess program maturity levels, strengths and weaknesses, and develop next steps in the evolution of their ERM programs.

How is the RIMS Risk Maturity Model relevant for you?

Developed jointly as a risk management resource between RIMS and LogicManager, the RIMS Risk Maturity Model (RMM) is a best-practice framework and free online assessment tool intended for individuals with risk management responsibilities. It’s a resource designed to help implement and sustain enterprise risk management programs. The RIMS RMM is an educational, planning and measurement resource for boards of directors, chief executive officers, chief financial officers, chief risk officers and other risk management professionals, as well as chief audit executives and consultants, to evaluate the effectiveness and efficiency of an organization’s ERM program.

What are the basic principles of the RIMS Risk Maturity Model?

The RIMS RMM model consists of 68 key readiness indicators that describe twenty-five competency drivers for seven attributes that create ERM’s value and utility in an organization. The RMM maturity ladder is organized progressively from “ad hoc” to “leadership” and depicts corresponding levels of risk management competency in seven attributes: ERM-based Approach, ERM Process Management, Root Cause Discipline, Risk Appetite Management, Uncovering Risks, Performance Management and Business Resiliency and Sustainability. The RIMS RMM helps you and your leadership team plot a roadmap to the successful integration of ERM. A unique feature of the Model is its applicability regardless of the specialized frameworks and standards that your organization is using, whether it be the international ISO 31000:2018 standard, the COSO ERM Framework 2017, COBIT, Standard & Poor’s risk management guidelines or some combination.

What is the theoretical basis for the RIMS Risk Maturity Model?

The Risk Maturity Model is based on the Capability Maturity Model, a methodology founded by the Carnegie Mellon University Software Engineering Institute (SEI) in the 1980’s. Originally, the model was used to advance software engineering processes. Since then the theory behind the Maturity Model has been applied to other corporate operations such as supply chain and people management, and embraced by some organizations within technology, finance and defense industries. Enterprise risk managers from various business sectors joined forces with RIMS and LogicManager to develop the RIMS Risk Maturity Model for ERM in order to apply this accepted methodology to improve processes within the risk management discipline.

How do I use RIMS Risk Maturity Model?

In order to get the most out of RIMS Risk Maturity Model, we encourage you to take the free online Risk Maturity Assessment in order to get a snapshot of where your risk program stands today. You can then compare your personalized assessment against the full guidelines to identify gaps, and develop a plan for continuous improvement. Strengthen your risk management approach by putting your plan into action. Repeat the assessment periodically to re-evaluate progress and changes in your organization’s competencies.

RIMS members can gain access to the full guidelines upon completing the online assessment or by downloading the executive report "About the RIMS RMM" from Risk Knowledge. An Executive Summary, which provides an overview of the RIMS Risk Maturity Model is also available.

You can join RIMS by clicking here: www.RIMS.org/JoinToday. Members receive discounts to the Annual Conference & Exhibition as well as other Professional Development courses and workshops, access to the Career Center and Job Bank, Risk Management magazine and a wealth of other benefits and services. ​Workshops on the RIMS Risk Maturity Model for ERM are offered periodically. Join fellow risk management professionals and learn how to apply the Risk Maturity Model to your organization, assess your risk culture competency and develop an action plan to strengthen your risk management approach. Reserve your place today at an upcoming workshop on RIMS Risk Maturity Model and other ERM-related courses: www.RIMS.org/Education

RIMS Risk Maturity Model for Enterprise Risk Management was developed with the support of co-developer Steven Minsky, CEO of LogicManager, Inc. (www.logicmanager.com). LogicManager is a leading developer of ERM solutions and creator of its own innovative risk maturity model. LogicManager, based in Boston, donated its intellectual property, expertise and services for the development of the RIMS Risk Maturity Model for Enterprise Risk Management. RIMS State of ERM Report 2008is authored by Steven Minsky with contributions from members of RIMS ERM Development Committee. The report is produced by LogicManager and published by RIMS.